package com.example.securtydemo.controller;

import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("/hello")
public class HelloController {

    @GetMapping
    public String hello() {
        return "hello, spring security! ";
    }

    @GetMapping("/helloAdmin")
    //@PreAuthorize("hasAnyRole('admin')")
    public String helloAdmin() {
        return "hello, admin! ";
    }

    @GetMapping("/helloUser")
    //@PreAuthorize("hasAnyRole('normal','admin')")
    public String helloUser() {
        return "hello, user! ";
    }
}
